SUMMARYYou can connect to a remote computer that is running Microsoft Windows Terminal Services by using a Remote Desktop Protocol connection . This kind of connection provides encryption for the data that is sent between the terminal server and the client computer . However, this kind of connection does not provide authentication for the terminal server . You may want to make sure that your terminal server is correctly authenticated before you connect to it . To do this, configure your terminal server to use Transport Layer Security (TLS) to authenticate the terminal server and to encrypt the data that is sent between the terminal server and the client computer.
To configure a TLS connection, you must configure both the terminal server and the client computer. To configure the terminal server, you must perform both the following steps:
|You must install a valid certificate on the terminal server.|
|You must configure the authentication settings by using the Terminal Services Configuration tool.|
To configure the client computer, you must perform both the following steps:
|You must configure the client computer to trust the root Certification Authority that issued the terminal server's certificate.|
|You must configure the authentication settings for the remote connection by using the Remote Desktop Connection program or by modifying the registry.|
If you use the Remote Desktop Protocol (RDP) to connect to a terminal server, RDP provides data encryption but it does not provide authentication. Therefore, you cannot verify the identity of the terminal server. You can use Microsoft Windows Server 2003 Service Pack 1 (SP1) together with Transport Layer Security (TLS) version 1.0 to help increase terminal server security by using TLS for server authentication and to encrypt terminal server communications.
This article describes how to configure Windows Server 2003 SP1 to use TLS 1.0 for server authentication to encrypt terminal server communications.